"2.4 Importance of BIOS Integrity
As the first code that is executed by the main CPU, the system BIOS is a critical security component of a computer system. While the system BIOS, possibly with the use of a Trusted Platform Module (TPM), can verify the integrity of firmware and software executed later in the boot process, typically all or part of the system BIOS is implicitly trusted."
From the NIST memo highlighted in the DoD letter.
Can anyone explain exactly what the second sentence of this clause means? Is it saying that a TPM is the essential root of trust? Or is it suggesting it is optional as the system BIOS is "implicitly trusted"?
If TPM is the necessary root of trust, which I presume it is, Wave's endpoint monitor looks to be unchallenged in this space currently.